[RFC][PATCH 2/3] Introduce audit_security LSM hook - i386

From: Adrian Drzewiecki (z@private)
Date: Fri Dec 03 2004 - 11:01:22 PST


Patch 2/3: Make i386 arch use security_audit_syscall.
=====================================================

diff -ru linux-2.6.9-security_audit_syscall/arch/i386/kernel/ptrace.c 
linux-2.6.9-security_audit_syscall-x86/arch/i386/kernel/ptrace.c
--- linux-2.6.9-security_audit_syscall/arch/i386/kernel/ptrace.c	
2004-10-18 14:53:45.000000000 -0700
+++ linux-2.6.9-security_audit_syscall-x86/arch/i386/kernel/ptrace.c	
2004-12-02 21:13:37.000000000 -0800
@@ -15,6 +15,7 @@
 #include <linux/user.h>
 #include <linux/security.h>
 #include <linux/audit.h>
+#include <linux/module.h>
 
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
@@ -524,23 +525,31 @@
 	return ret;
 }
 
-/* notification of system call entry/exit
- * - triggered by current->work.syscall_trace
- */
-__attribute__((regparm(3)))
-void do_syscall_trace(struct pt_regs *regs, int entryexit)
+void audit_syscall(struct task_struct *p, void *_regs, int entryexit)
 {
-	if (unlikely(current->audit_context)) {
+	if (unlikely(p->audit_context)) {
+		struct pt_regs __attribute__((__unused__)) *regs = _regs;
 		if (!entryexit)
-			audit_syscall_entry(current, regs->orig_eax,
+			audit_syscall_entry(p, regs->orig_eax,
 					    regs->ebx, regs->ecx,
 					    regs->edx, regs->esi);
 		else
-			audit_syscall_exit(current, regs->eax);
+			audit_syscall_exit(p, regs->eax);
 	}
+}
+
+EXPORT_SYMBOL_GPL(audit_syscall);
 
+/* notification of system call entry/exit
+ * - triggered by current->work.syscall_trace
+ */
+__attribute__((regparm(3)))
+void do_syscall_trace(struct pt_regs *regs, int entryexit)
+{
+	if (unlikely(test_thread_flag(TIF_SYSCALL_AUDIT)))
+		security_audit_syscall(current, regs, entryexit);
 	if (!test_thread_flag(TIF_SYSCALL_TRACE) &&
-	    !test_thread_flag(TIF_SINGLESTEP))
+			!test_thread_flag(TIF_SINGLESTEP))
 		return;
 	if (!(current->ptrace & PT_PTRACED))
 		return;
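Review bot: In `do_syscall_trace` the audit record is now emitted only if `security_audit_syscall` (defined elsewhere in this series, not visible here) calls back into `audit_syscall`, so a security module that leaves the hook empty or returns early would silently stop syscall auditing for tasks with `TIF_SYSCALL_AUDIT` set. The default implementation of the hook should be documented as always calling `audit_syscall`. The gate also changed from `current->audit_context` to the thread flag, so it is worth confirming that the flag is set whenever an audit context exists. `audit_syscall` is exported to GPL modules with an untyped `void *_regs` and an arbitrary `p`, although the registers are only meaningful as the trap frame of `p`; I would add a comment above it such as `/* p must be current and _regs its struct pt_regs; call only from the syscall entry/exit path */`. The body of `do_syscall_trace` continues outside the hunk.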
@@ -559,3 +568,4 @@
 		current->exit_code = 0;
 	}
 }
+
diff -ru linux-2.6.9-security_audit_syscall/include/asm-i386/ptrace.h 
linux-2.6.9-security_audit_syscall-x86/include/asm-i386/ptrace.h
--- linux-2.6.9-security_audit_syscall/include/asm-i386/ptrace.h	
2004-10-18 14:53:11.000000000 -0700
+++ linux-2.6.9-security_audit_syscall-x86/include/asm-i386/ptrace.h	
2004-12-02 21:11:25.000000000 -0800
@@ -64,4 +64,7 @@
 #endif
 #endif
 
+void audit_syscall(struct task_struct *p, void *regs, int entryexit);
+#define ARCH_HAVE_AUDIT_SYSCALL
+
 #endif
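Review bot: The new prototype and `ARCH_HAVE_AUDIT_SYSCALL` are added after two `#endif` lines and just before the final one, so they appear to sit outside the conditional blocks those close, with only the include guard left around them. The openers are outside the hunk, but if one of them is `#ifdef __KERNEL__`, the declaration becomes visible to user-space includes and `struct task_struct` may have no forward declaration in scope at that point. I would move both lines above the closing `#endif` of the kernel-only section and add a one-line comment, for example `/* arch hook called by security_audit_syscall(); regs is a struct pt_regs * */`.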


